As noted by hel in an earlier post last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.

So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.

Yeah, the need to move everything to https seems.. overblown. On a leisure web forum like this, even the risk of the login page would be mitigated if we knew everyone was following proper password hygiene and using a different password for each website.